JWT signature validation failing in React after implicit grant

NICE CXone API & Integrations
1

Problem

Frontend team is pulling a JWT via implicit grant. Our Python backend expects a verified payload before processing requests. The token looks valid in jwt.io but local verification keeps failing. Headers are set. Code follows.

Code

const verifyToken = async (token) => {
 const client = jwksClient({
 jwksUri: 'https://api.mypurecloud.com/2/v1/jwks'
 });
 return new Promise((resolve, reject) => {
 jwt.verify(token, client.getSigningKey, (err, decoded) => {
 if (err) return reject(err);
 resolve(decoded);
 });
 });
};

Error

Throws JsonWebTokenError: invalid signature. The issuer claim matches correctly. It’s caching the old keys somehow. We’ve tried swapping to jose. Same result.

Question

How do we actually validate these Genesys tokens inside a React component without triggering signature failures? The official docs don’t cover browser verification. Just need the correct JWKS endpoint or a working config block.

2

Implicit grant is deprecated and insecure, so you should switch to PKCE with authorization code flow. If you’re stuck with the current setup, ensure the publicKey matches the JWK set from https://login.mypurecloud.com/2/v1/keys and verify the iss claim matches your environment’s domain.